<?php
include "validate.php";

if (isset($_POST["name"]))
	$new_name = $_POST["name"];
else
	$new_name = "";
if (isset($_POST["login"]))
	$login_name = $_POST["login"];
else
	$login_name = "";
if (isset($_POST["pwd"]))
	$pwd = $_POST["pwd"];
else
	$pwd = "";
if (isset($_POST["pwd2"]))
	$pwd2 = $_POST["pwd2"];
else
	$pwd2 = "";
if (isset($_POST["admin_pwd"]))
	$admin_pwd = $_POST["admin_pwd"];
else
	$admin_pwd = "";


$query = "	SELECT COUNT(*) as NUM
			FROM login
			WHERE user_name LIKE '%" . $_SESSION["username"] . "%'
				AND account_pass LIKE '%" . sha1($admin_pwd) . "%';";

$result = mysql_query($query);

$row = mysql_fetch_array($result);

if ($row['NUM'] != 0)
{
	if ($row['NUM'] != 1)
	{
		error_log("Login:  Multiple valid users.");
	}
	else if (strcmp($pwd, $pwd2) != 0)
	{
		$_SESSION["message"] = "Passwords Don't Match";
		header("Location:create_admin.php");
	}
	else if (strlen($pwd) < 4)
	{
		$_SESSION["message"] = "Password Too Short";
		header("Location:create_admin.php");
	}
	else if (strlen($login_name) < 3)
	{
		$_SESSION["message"] = "Username Too Short";
		header("Location:create_admin.php");
	}
	else if (strlen($new_name) < 3)
	{
		$_SESSION["message"] = "Admin Name Too Short";
		header("Location:create_admin.php");
	}
	else
	{
		$query = "	INSERT INTO login (full_name, user_name, account_pass) 
				VALUES ('" . $new_name . "', '" . $login_name . "', '" . sha1($pwd) . "');";

		mysql_query($query);
		$_SESSION["message"] = "Update Successful";
		header("Location:create_admin.php");
	}
}
else
{
	$_SESSION["message"] = "Invalid Password";
	header("Location:create_admin.php");
}
?>

